帖子内容
Okay, so y'all have probably heard about this 10/10 critical security breach 💀 Here some sources about it : • Run a vulnerable log4j instance (at your own risks !) • Cloudflare blog article for a better understanding (complete, as usual 😌) • Another good article • Some lists of IP's catched for using the breach [1][2] (regularly updated) • A vaccine for it • fail2ban filter rule (blocks anyone who wants to use the exploit) • Full list of infos/ressources about it ❗ • Another complete list of ressources ❗ • Tool for finding if the breach is present on your organization [tool made by the CISA 😳] • Unusual : the exploit can be used through iPhones and Tesla 😂🥲 • A variant of the breach • 6 months after, this flaw is still actively used The solution is obviously to update Apache 🤓 Good luck if you're facing this